Normative: Allow CodeLike object evaluation #3294
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
ljharb
added
normative change
@ljharb I think the reasoning behind this PR is that it doesn't really change any functionality, it is just layering. The original proposal from @mikesamuel was a lot bigger, this is just a small piece of that and we were hoping to just ask for consensus rather than pushing this thru the staging process. @cc @nicolo-ribaudo |
|
@caridy if it's normative, it's not just layering - but sure, if the goal is to try to turn it into a needs consensus PR, then this is fine, but my recollection is that that approach was rejected in favor of a proposal, I'm not sure how it'll turn out. |
|
You might be right :-) would this PR obviate the entire linked proposal? |
|
Yeah with this PR the use case for that proposal, trusted types protection of eval and Function would be entirely addressed. That proposal would subsequently be withdrawn. The changes have been reduced over time and that linked PR addressed some of the required changes anyway. |
|
FYI @lukewarlow @nicolo-ribaudo this wouldn't be appropriate for stage 3 before testing and integration work has been completed. Maybe you should change the agenda item asking for stage 3 to stage 2.7? |
|
I don't really like the design here. Instead of adding a Boolean slot, could we add a String slot? The thing I don't like about having a Boolean slot and calling If it doesn't limit what you're trying to do with this proposal, I would much prefer a design like that. |
|
@michaelficarra This is currently tested in WPT. I asked to @ptomato how to test this in test262 but, given that the only observable change is that there might be objects that are not returned as-is by The test that shows that "there exist an object that is not returned as-is by There is also a test about how it interacts with Regarding the host integration, it's specified at https://w3c.github.io/trusted-types/dist/spec/#host-ensure-can-compile-strings and https://w3c.github.io/trusted-types/dist/spec/#csp-eval. |
I recommended using When it comes to Trusted Types, the host is checking not only that the |
|
@syg I was reading tc39/proposal-source-phase-imports#59 — should we replace the internal slot on the host-provided object with a |
This change introduces a new HostDefinedIsCodeLike internal slot, this is used to allow evaluating certain objects. This change also provides the full code string, the compilation type and the original arguments, to the host hook HostEnsureCanCompileStrings.
- Use a HostGetCodeForEval host hook rather than an internal slot. - Host hook returns a string or unknown and that string is what is evaluated not ToString. - Don't pass constructed codeString to HostEnsureCanCompileStrings
lukewarlow
force-pushed
the
codelike-hostensurecancompilestrings
branch
from
df8ab1f to
f248964
Compare
- PerformEval _direct_ is now an enum. - Reordered steps for handling objects and strings in PerformEval. - Fixed usage of _x_ rather than _xStr_ - Change new host hook to return String or ~no-code~
lukewarlow
force-pushed
the
codelike-hostensurecancompilestrings
branch
from
f248964 to
3c43358
Compare
…teDynamicFunction, it no longer needs moving as it doesn't need the source string.
lukewarlow
force-pushed
the
codelike-hostensurecancompilestrings
branch
from
769995d to
63dbfae
Compare
|
@bakkot I was re-reading the |
|
I don't remember saying such a thing, but either way, yes, that's correct. |
|
@nicolo-ribaudo You may be referring to what I said, and I think I may have confused dynamic functions with built-in functions. While the exact whitespace/comments/etc in the String returned by |
Is this a comment referencing an earlier version of the PR? I don't see an internal slot currently. |
|
@syg yes there was previously a slot but we've changed it to a host hook (which itself may or may not check a slot) |
@michaelficarra is that something we can do without needing to represent that change? Passing the built code string through would indeed be the best course from our side (CSP is in fact already specced that way). |
|
@lukewarlow Any normative change at stage 2.7 or later should be presented to the committee, but I don't think this one should require consensus. It can be just a quick update. |
This aligns with tc39/ecma262#3294 closes tc39#21
This aligns with tc39/ecma262#3294 closes tc39#21
This aligns with tc39/ecma262#3294 closes tc39#21
This aligns with tc39/ecma262#3294 closes tc39#21
This aligns with tc39/ecma262#3294 closes tc39#21
This change introduces a new HostGetCodeForEval host hook, this is used to allow evaluating certain objects.
This change also provides the compilation type and the original arguments, to the host hook HostEnsureCanCompileStrings.
This PR upstreams a reduced version of the https://github.com/tc39/proposal-dynamic-code-brand-checks proposal
Closes #1498, #938